65 matches found

CVE
added 2019/08/30 3:36 p.m. | 252 views

CVE-2018-11933

CVE-2018-11933 is rejected/not used and does not represent an active vulnerability entry.

AI score: 7.3
Exploits: 0

AlpineLinux
added 2019/02/22 11:0 p.m. | 32 views

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.08561
Exploits: 1

Packet Storm
added 2018/10/10 12:0 a.m. | 22 views

Wikidforum 2.20 SQL Injection

Exploit Title: Wikidforum 2.20 - 'messageid' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-09 Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download...

AI score: 0.5
Exploits: 0

Cvelist
added 2018/07/27 4:0 a.m. | 27 views

CVE-2018-14609

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized...

AI score: 6 | EPSS: 0.00272
Exploits: 1 | References: 9

Prion
added 2018/05/20 10:29 p.m. | 11 views

Hardcoded credentials

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials...

CVSS: 6.4 | AI score: 9.3 | EPSS: 0.36287
Exploits: 5 | References: 3 | Affected Software: 1

Hacker One
added 2018/05/10 5:39 p.m. | 20 views

Valve: Buffer overflows in demo parsing

This was originally reported by @yalter at https://github.com/ValveSoftware/halflife/issues/1654...

AI score: 3.2
Exploits: 0

Japan Vulnerability Notes
added 2018/03/27 12:0 a.m. | 63 views

JVN#43382653: iRemoconWiFi App for Android fails to verify SSL server certificates

iRemoconWiFi App for Android provided by Glamo Inc. fails to verify SSL server certificates. Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the Application. Update to the latest version according to the information provided by th...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.00111
Exploits: 0

ossfuzz
added 2018/03/24 4:54 p.m. | 18 views

curl/curl_fuzzer_rtsp: Heap-buffer-overflow in rtsp_rtp_readwrite

Project: https://github.com/curl/curl.git Detailed report: https://oss-fuzz.com/testcase?key=6722246199476224 Project: curl Fuzzer: afl_curl_fuzzer_rtsp Fuzz target binary: curl_fuzzer_rtsp Job Type: afl_asan_curl Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x629000009214...

AI score: 6.7
Exploits: 0 | Affected Software: 1

CVE
added 2018/01/12 2:0 p.m. | 62 views

CVE-2017-16864

CVE-2017-16864 describes an XSS vulnerability in Atlassian Jira prior to version 7.4.2. The issue is triggered in the orderby parameter of the Jira “issue search” resource, allowing remote attackers to inject arbitrary HTML or JavaScript. Components affected are Jira’s search/resource handling fo...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00225
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/10/10 5:0 a.m. | 21 views

CVE-2017-15205

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user...

AI score: 4.5 | EPSS: 0.00294
Exploits: 0 | References: 3

Cvelist
added 2016/12/16 9:2 a.m. | 27 views

CVE-2016-9838

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and...

AI score: 8.6 | EPSS: 0.02568
Exploits: 6 | References: 3

Hacker One
added 2016/11/28 11:32 p.m. | 36 views

GitLab: State filter in IssuableFinder allows attacker to delete all issues and merge requests

Vulnerability details: The state filter in the IssuableFinder class has the ability to filter issues and merge requests by state. This filter is implemented by calling public_send with unfiltered user input. This allows an attacker to call delete_all or destroy_all. Because the method is called befor...

CVSS: 5 | AI score: 0.5 | EPSS: 0.00135
Exploits: 1

Ubuntu
added 2016/03/29 5:10 p.m. | 113 views

USN-2943-1: PCRE vulnerabilities

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.07915
Exploits: 11

NVD
added 2014/10/19 10:55 a.m. | 15 views

CVE-2014-7470

The I Know the Movie aka com.guilardi.jesaislefilm2 application jesaisfilmandroid1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00134
Exploits: 0 | References: 3

Amazon
added 2014/05/21 12:0 a.m. | 42 views

Medium: php55

Issue Overview: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a...

CVSS: 5 | AI score: 8.5 | EPSS: 0.01128
Exploits: 1

Exploit DB
added 2014/03/15 12:0 a.m. | 17 views

OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities

source: https://www.securityfocus.com/bid/66251/info OpenX is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. OpenX 2.8.11 and prior versions are vulnerable...

AI score: 7.4
Exploits: 0

0day.today
added 2012/06/28 12:0 a.m. | 23 views

pliggCMS (thumbnail_plus) Remote File Inclusion

Exploit for php platform in category web applications

AI score: 7.1
Exploits: 0

xssed
added 2010/04/05 12:0 a.m. | 20 views

Unfixed XSS vulnerability at www.elite-formation.com

Security researcher k3vin mitnick has submitted on 04/05/2010 a cross-site-scripting (XSS) vulnerability affecting www.elite-formation.com, which at the time of submission ranked 1866262 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/12/2011...

Exploits: 0 | References: 1

Packet Storm
added 2009/12/23 12:0 a.m. | 21 views

Joomla Jeema Article Collection SQL Injection

Joomla Component com_jeemaarticlecollection SQL injection Vulnerability author : Fl0riX Greetz : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,3kb3r Name : com_jeemaarticlecollection Bug Type : SQL Injection Infection : Admin login credentials can be obtained. Demo Vuln. :...

AI score: 0.5
Exploits: 0

xssed
added 2008/05/19 12:0 a.m. | 9 views

Unfixed XSS vulnerability at www.hungryhacker.com

Security researcher TreX has submitted on 19/05/2008 a cross-site-scripting (XSS) vulnerability affecting www.hungryhacker.com, which at the time of submission ranked 1512364 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/06/2008. It is...

AI score: 6.6
Exploits: 0 | References: 1